Page 2 of 2
Posted: Tue Jul 01, 2003 1:26 pm
by nielsene
Stoker wrote: mandio, what will you be using it for and in what kind of environment? If you are having a shared account, and your scripts are world readable, your key is no safer than the data and there is no point in encrypting at all..
I'd disagree (surprise). Every little bit helps. A person snooping around where they shouldn't might not know how to decrypt stuff they find. It depends on what attacks you think are likely to occur against you.
But, yes, if you're on a shared server, I'd look to get off. I know various hosting services offer "virtual machines"; in many cases this is a good enough compromise between shared/dedicated that will keep the other hostees out of your files.
Posted: Tue Jul 01, 2003 1:35 pm
by m@ndio
Hi guys, I do appreciate all these comments. Here is the scenario I am facing:
As a developer I have been given the task of developing a bespoke shop system that can be re-used with minor tweaks and add-ons for various clients (obviously you don't write a shop if you've done one before; you just take that one and make the necessary tweaks).
Now I need a bit of advice as to which steps to take.
All I want to do is:
1. user goes to the shop
2. adds stuff to basket etc..
3. proceeds to checkout stage (at this point should it jump to an ssl server?)
4. user enters their credit card details into the form
5. encrypt the users credit card details (unsure of which method is most effective)
6. store the encrypted stuff in the database
7. the shop owner (our client) is notified that there was an order
8. shop owner logs on to a control panel (should this be ssl?)
9. orders are de-crypted
10. shop owner processes order and deletes orders
11. shop owner logs off.
That's what I am trying to achieve. All I would like is some advice from you guys as to how you would make this secure.
The shop will be hosted on a shared server (that we own) running mcrypt, and the data will be stored in a MySQL DB.
thx in advance

Posted: Tue Jul 01, 2003 1:43 pm
by Stoker
Yes, steps 3-4 must be SSL to ensure safe transport from client to server.
Step 5: I would use GnuPG, PGP or OpenSSL S/MIME.
Steps 8-9: if viewing sensitive data, this must be SSL as well, yes. But my opinion is that this sort of functionality does not belong on any shared server.
Eric will likely disagree with me

I would suggest using GPG encryption and having a local/offline utility for fetching/decrypting the information. The very simplest way is using GPG or S/MIME mail.. even if the shop-owner has poor security on his office computer, at least you did your job on the website and you (hopefully) gave him proper instructions on how to implement it in the local office..
Posted: Tue Jul 01, 2003 1:46 pm
by m@ndio
Thx for the reply. The only problem is... I don't have GnuPG, PGP or OpenSSL installed on the server, but I do have mcrypt. Is it still secure enough using mcrypt?
Edit: when you say "it doesn't belong on a shared server": it would not be feasible as a company to buy a dedicated server for every shop that we produce; we have about 20 new shop clients a year... (if you didn't mean this I apologise)
Posted: Tue Jul 01, 2003 1:59 pm
by Stoker
Depends on your definition of shared server: are there other clients on the server that can upload their own scripts and such (standard webhosting)? If so, that is shared. Otherwise, if this is your dedicated machine and you are doing this just as a service and none of your customers can upload their own code (no SSH/login etc.), it's a different story; that is not shared.
It is not secure enough in my opinion on a shared server (which most web-hosting resellers like myself offer).
GnuPG is no problem to install, no need for root access or anything; it's very simple.

Posted: Tue Jul 01, 2003 2:02 pm
by m@ndio
We update the clients' sites for them, so no, they will never or extremely rarely upload their own stuff.
Posted: Tue Jul 01, 2003 2:13 pm
by nielsene
m@ndio wrote:
1. user goes to the shop
2. adds stuff to basket etc..
3. proceeds to checkout stage (at this point should it jump to an ssl server?)
4. user enters their credit card details into the form
5. encrypt the users credit card details (unsure of which method is most effective)
6. store the encrypted stuff in the database
7. the shop owner (our client) is notified that there was an order
8. shop owner logs on to a control panel (should this be ssl?)
9. orders are de-crypted
10. shop owner processes order and deletes orders
11. shop owner logs off.
Steps 3&4 require SSL connections
Steps 5&6 require some reversible encryption prior to transmission of the cc details to the database server.
Step 7 can be plaintext
Step 8-11 should be SSL
From the way I read your hosting plan, you have a dedicated server that hosts multiple sites. You have complete control over the lockdown of the webserver. If the number of users who have permission to the production server is low and highly controlled, then use symmetric encryption for steps 5&6. If there is a larger number of local users, or I'm misinterpreting your setup, then Stoker's plan is better, but less convenient. (Of course security is almost always a trade-off against convenience.)
Posted: Tue Jul 01, 2003 2:22 pm
by m@ndio
Thx guys, one more thing, sorry this is getting messy.
In very rare circumstances this shop will be implemented on a shared server with lots of users with telnet/shell access logging into their own webspace.
Stoker, you mentioned that this method is not secure enough to be run on a shared server. In this case how would you implement the system?
You guys have probably answered this question already; if you have, I apologise.
p.s. It's nice to hear a couple of opinions of how different people do it.
Posted: Tue Jul 01, 2003 3:01 pm
by Stoker
Myself, I would create the webshop so that the admin interface to it is not on the server, but a local program or something that downloads orders and info from the server and processes them locally. This also makes it easy to manipulate products without publishing, for bulk-posting to the webserver later..
Since your software appears not to be doing direct merchant gateway authorizations, I assume that the order volume is low? In such instances capturing the info and putting it all in a gpg'd email is the easiest way.. Then using something like Mozilla/Enigmail to decrypt it..
Posted: Tue Jul 01, 2003 3:05 pm
by m@ndio
Stoker, sorry to keep bugging you mate... When you say get a program to download the orders... do you mean write a program, i.e. in Visual C or VB? Or are there progz out there?
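The split Stoker is describing above (the web server encrypts each order with a public key it holds; the shop owner decrypts in a local tool that alone holds the private key), written out as an added example. This is not code from the thread or from any of the posters, and it is in Go rather than the PHP/mcrypt setup under discussion so that it runs with nothing but the standard library. The hybrid construction (a fresh AES-256-GCM key per order, wrapped with RSA-OAEP), the `StoredOrder` field names, the OAEP label and the card details are all assumptions made for the example; GnuPG does the equivalent hybrid encryption internally, which is what Stoker's `gpg`-based variant relies on.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
)

// oaepLabel binds the wrapped key to this purpose (assumed constant).
var oaepLabel = []byte("shop-order-data-key")

// StoredOrder is the row the web server writes to the database. It holds
// no plaintext card data and nothing able to decrypt it. Field names are
// assumptions for this example.
type StoredOrder struct {
	OrderID    string `json:"order_id"`
	WrappedKey string `json:"wrapped_key"` // RSA-OAEP(data key), base64
	Nonce      string `json:"nonce"`       // AES-GCM nonce, base64
	Ciphertext string `json:"ciphertext"`  // AES-GCM(card details), base64
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptForShopOwner is the web-server side (steps 5-6). It needs only the
// shop owner's public key: a fresh AES-256 key encrypts the card details and
// RSA-OAEP wraps that key. The order id is authenticated as GCM additional
// data, so a ciphertext cannot be re-attached to a different order.
func EncryptForShopOwner(pub *rsa.PublicKey, orderID string, card []byte) (*StoredOrder, error) {
	dataKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dataKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, card, []byte(orderID))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	for i := range dataKey { // scrub: the web server keeps nothing that decrypts
		dataKey[i] = 0
	}
	enc := base64.StdEncoding.EncodeToString
	return &StoredOrder{orderID, enc(wrapped), enc(nonce), enc(ct)}, nil
}

// DecryptOrder is the shop owner's offline side (step 9), the only place the
// private key exists. Tampering with any stored field, the order id included,
// makes GCM reject the ciphertext instead of returning garbage.
func DecryptOrder(priv *rsa.PrivateKey, o *StoredOrder) ([]byte, error) {
	var fields [3][]byte
	for i, s := range []string{o.WrappedKey, o.Nonce, o.Ciphertext} {
		b, err := base64.StdEncoding.DecodeString(s)
		if err != nil {
			return nil, err
		}
		fields[i] = b
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, fields[0], oaepLabel)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, fields[1], fields[2], []byte(o.OrderID))
}

func main() {
	// The owner generates the pair once, offline; only the public half is
	// deployed to the web server. The card data below is constructed test input.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	card := []byte(`{"pan":"4111111111111111","exp":"12/05","name":"A Customer"}`)
	o, err := EncryptForShopOwner(&priv.PublicKey, "ORD-1001", card)
	if err != nil {
		panic(err)
	}
	row, _ := json.Marshal(o) // what actually lands in the MySQL column
	fmt.Println(string(row))
	back, err := DecryptOrder(priv, o)
	fmt.Println(string(back), err)
}
```

The property that matters on a shared host is the one the test below checks: the stored row never contains the card number, and neither the web server's key nor a different private key can open it. With GnuPG in place of the hand-rolled hybrid, the server side is `gpg --encrypt --recipient <owner>` and the owner's local tool runs `gpg --decrypt`, which is the mail-based workflow Stoker describes.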